Network intrusion detection systems (NIDSes) often generate false alerts, which reduces their usefulness. Target-based IDS is a newer approach that correlates alerts with what is known about the network (hosts, services and vulnerabilities) so that only threats relevant to a given target are raised. Three target-based products are Cisco Systems' Cisco Threat Response 2.0 (CTR), Internet Security Systems' (ISS) SiteProtector Security Fusion Module 2.0, and Tenable Network Security's Lightning Console 2.0. IDS noise reduction is the goal of all three. CTR has a flawed architecture, which Cisco is redesigning, and is reactive rather than proactive at detection. Fusion is difficult to set up but has many useful tools. Lightning Console has both active and passive scanning capabilities but has some drawbacks in how it classifies vulnerabilities. All three reduce IDS noise, with Lightning Console providing the most noise-reduction benefit and CTR the least. Fusion has a good scanner but uses a traditional approach with limitations. CTR is better at verifying vulnerabilities than at scanning, yet it catches some threats the other systems do not. It can, however, be a denial-of-service threat itself. Lightning has the most aggressive and comprehensive scanning capabilities. It also has the easiest-to-use tuning tools, though tuning is limited in all three applications. Target-based IDS offers some improvements over traditional IDS but still has a number of drawbacks.
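The noise-reduction idea the three products share, rating each alert against what is known about its target host before raising it, is shown below as an added illustration. This is not code from the review or from any of the products; the host inventory, signature definitions, alert records and triage rules are all constructed assumptions. The example also carries the caveat the review raises about scanning: a target whose inventory data is missing or stale is never suppressed on, since an active or passive scan that has not covered the host gives no grounds to discard the alert.

```python
"""Target-based alert triage: judge each NIDS alert by its destination.

Added example, not the logic of CTR, Security Fusion or Lightning Console.
The inventory, signatures, alerts and verdict rules are constructed.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Host:
    ip: str
    os_family: str               # "windows" or "linux" in this sample
    open_ports: FrozenSet[int]   # TCP ports observed listening
    vulns: FrozenSet[str]        # vulnerability tags reported by a scanner
    last_scanned: datetime       # when the inventory entry was last refreshed


@dataclass(frozen=True)
class Signature:
    name: str
    port: int                    # service the attack targets
    os_family: Optional[str]     # None means any OS is affected
    vuln: Optional[str]          # tag the host must carry to be exploitable


@dataclass(frozen=True)
class Alert:
    sig: Signature
    src: str
    dst: str
    dst_port: int


MAX_SCAN_AGE = timedelta(days=7)   # assumed freshness window for inventory data


def triage(alert: Alert, inventory: Dict[str, Host], now: datetime) -> str:
    """Return one of: escalate, downgrade, keep, suppress."""
    host = inventory.get(alert.dst)
    if host is None:
        return "keep"        # unscanned target: no basis for suppression
    if now - host.last_scanned > MAX_SCAN_AGE:
        return "keep"        # stale inventory: do not trust it to suppress
    if alert.dst_port not in host.open_ports:
        return "suppress"    # nothing listening on the targeted port
    if alert.sig.os_family and alert.sig.os_family != host.os_family:
        return "suppress"    # exploit is for a different platform
    if alert.sig.vuln is None:
        return "keep"        # signature carries no vulnerability to verify
    if alert.sig.vuln in host.vulns:
        return "escalate"    # target is known to be vulnerable
    return "downgrade"       # service present, vulnerability not confirmed


def summarize(alerts: List[Alert], inventory: Dict[str, Host],
              now: datetime) -> Dict[str, int]:
    """Count verdicts, which is the noise-reduction figure an operator sees."""
    return dict(Counter(triage(a, inventory, now) for a in alerts))


# Constructed sample data (addresses, tags and dates are not real).
NOW = datetime(2024, 1, 10, 12, 0)


def scanned(days_ago: int) -> datetime:
    return NOW - timedelta(days=days_ago)


INVENTORY = {h.ip: h for h in [
    Host("10.0.0.5", "windows", frozenset({80, 445}), frozenset({"smb-rce-1"}), scanned(1)),
    Host("10.0.0.6", "linux",   frozenset({22, 80}),  frozenset(),              scanned(2)),
    Host("10.0.0.7", "windows", frozenset({445}),     frozenset({"smb-rce-1"}), scanned(30)),
    Host("10.0.0.8", "linux",   frozenset({445}),     frozenset(),              scanned(1)),
]}

SIG_SMB = Signature("smb-rce-1 exploit attempt", 445, "windows", "smb-rce-1")
SIG_WEB = Signature("web-overflow-1 exploit attempt", 80, None, "web-overflow-1")
SIG_SSH = Signature("ssh password guessing", 22, None, None)

ALERTS = [
    Alert(SIG_SMB, "203.0.113.9",  "10.0.0.5", 445),  # escalate: vulnerable
    Alert(SIG_SMB, "203.0.113.9",  "10.0.0.6", 445),  # suppress: port closed
    Alert(SIG_SMB, "203.0.113.9",  "10.0.0.8", 445),  # suppress: OS mismatch
    Alert(SIG_SMB, "203.0.113.9",  "10.0.0.7", 445),  # keep: inventory stale
    Alert(SIG_SMB, "203.0.113.9",  "10.0.0.9", 445),  # keep: host unknown
    Alert(SIG_WEB, "198.51.100.4", "10.0.0.5", 80),   # downgrade: not confirmed
    Alert(SIG_WEB, "198.51.100.4", "10.0.0.6", 80),   # downgrade: not confirmed
    Alert(SIG_SSH, "198.51.100.4", "10.0.0.6", 22),   # keep: nothing to verify
]

if __name__ == "__main__":
    for a in ALERTS:
        print(f"{a.sig.name:32} -> {a.dst}:{a.dst_port:<5} {triage(a, INVENTORY, NOW)}")
    print(summarize(ALERTS, INVENTORY, NOW))
```

The ordering of the checks matters: staleness and unknown hosts are tested before any suppression rule, so the correlator can only discard an alert on the strength of data it has reason to trust. That is the trade-off the review points at when it weighs each product's scanner; suppression is only as good as the inventory behind it, and a passive-only or infrequent scan widens the window in which real attacks against newly exposed services are silently dropped.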